| author | Nathan Kinkade <nath@nkinka.de> | 2014-03-14 23:56:30 +0000 |
|---|---|---|
| committer | Nathan Kinkade <nath@nkinka.de> | 2014-03-14 23:56:30 +0000 |
| commit | 1b2c2666493f6160fe4742370f62d6e1dc73fa84 (patch) | |
| tree | d69243ceac3019d4589f7d9fc0f3b5dd3c1470f9 | |
| parent | d17b2ce95f4409eddb1e95845e378cff2a7f32a5 (diff) | |
Fixed some escaping problems that were possibly insecure and were definitely causing validation problems.
| -rw-r--r-- | templates/food_search.tpl | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/templates/food_search.tpl b/templates/food_search.tpl
index e265360..7d8b26d 100644
--- a/templates/food_search.tpl
+++ b/templates/food_search.tpl
@@ -12,7 +12,7 @@
 {if isset($searchResults)}
 <div style='margin-top: 2ex;'>
 The following items matched your search.
- Select one, or <a href='/?{$smarty.server.QUERY_STRING}'>refine your search</a>.
+ Select one, or <a href='/?{$smarty.server.QUERY_STRING|escape:"url"}'>refine your search</a>.
 </div>
 <div style='margin-top: 2ex;'>
 {if $sortType == "Category"}
@@ -21,11 +21,11 @@
 {foreach from=$foodCat.searchResults item=searchResult}
 <div>
 {if $category == "userFood"}
- <a href='view_food?{$searchResult.food}&description={$searchResult.foodDesc}'>{$searchResult.foodDesc}</a>
+ <a href='view_food?{$searchResult.food|escape:"url"}&description={$searchResult.foodDesc|escape:"url"}'>{$searchResult.foodDesc|escape:"html"}</a>
 {elseif $category == "userMeal"}
- <a href='view_meal?meal={$searchResult.food}&description={$searchResult.foodDesc}'>{$searchResult.foodDesc}</a>
+ <a href='view_meal?meal={$searchResult.food|escape:"url"}&description={$searchResult.foodDesc|escape:"url"}'>{$searchResult.foodDesc|escape:"html"}</a>
 {else}
- <a href='food_quantity?food={$searchResult.food}'>{$searchResult.foodDesc}</a>
+ <a href='food_quantity?food={$searchResult.food|escape:"url"}'>{$searchResult.foodDesc|escape:"html"}</a>
 {/if}
 </div>
 {/foreach}
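Review bot: Applying `escape:"url"` to the whole of `$smarty.server.QUERY_STRING` (the added line of the first hunk, `@@ -12,7`) also encodes the `=` and `&` separators, so a query such as `a=1&b=2` is emitted as `a%3D1%26b%3D2` and the "refine your search" link reloads the page with one unparseable parameter — the attribute breakout is closed, but the link itself probably stops working; I cannot see the receiving handler, so please verify. Because the value sits inside a single-quoted `href`, the context-appropriate escape for an already URL-encoded string is HTML escaping: `<a href='/?{$smarty.server.QUERY_STRING|escape:"html"}'>refine your search</a>` — Smarty's html escape uses ENT_QUOTES, so `'` is neutralised, and `&` becomes `&amp;`, which is also what validators expect inside attributes. If the individual search parameters are available to the template, rebuilding the link from them with per-value `escape:"url"` would avoid echoing the raw query string altogether.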
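Review bot: The added `<a href=…>` lines in the `@@ -21,11` hunk (and their twins in the `@@ -34,11` hunk) still emit a bare `&` between the two query parameters, which is the remaining validator complaint the commit message refers to; inside an attribute the separator should be written `&amp;description=`, which browsers decode back to `&` before sending the request. The per-value `escape:"url"` is the right escape for the query position and its output contains no quote or angle bracket, so the attribute breakout is closed by this hunk. The first parameter of `view_food` is still passed without a key (`view_food?{$searchResult.food|escape:"url"}` versus `view_meal?meal={…}`), presumably because that handler reads the raw query string — worth a template comment so the asymmetry is not "fixed" by a later edit. The three link variants are duplicated verbatim between the two `{foreach}` loops; factoring them into one shared snippet would keep future escaping changes in a single place.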
@@ -34,11 +34,11 @@
 {foreach from=$searchResults item=searchResult}
 <div>
 {if $searchResult.category == "userFood"}
- <a href='view_food?{$searchResult.food}&description={$searchResult.foodDesc|escape:"html"}'>{$searchResult.foodDesc|escape:"html"}</a>
+ <a href='view_food?{$searchResult.food|escape:"url"}&description={$searchResult.foodDesc|escape:"url"}'>{$searchResult.foodDesc|escape:"html"}</a>
 {elseif $searchResult.category == "userMeal"}
- <a href='view_meal?meal={$searchResult.food}&description={$searchResult.foodDesc|escape:"html"}'>{$searchResult.foodDesc|escape:"html"}</a>
+ <a href='view_meal?meal={$searchResult.food|escape:"url"}&description={$searchResult.foodDesc|escape:"url"}'>{$searchResult.foodDesc|escape:"html"}</a>
 {else}
- <a href='food_quantity?food={$searchResult.food}'>{$searchResult.foodDesc|escape:"html"}</a>
+ <a href='food_quantity?food={$searchResult.food|escape:"url"}'>{$searchResult.foodDesc|escape:"html"}</a>
 {/if}
 </div>
 {/foreach}
|
